Our recent webinar, Using Security to Enhance the Bottom Line, made the business case for a strong security program. Our presenters shared their experiences and insights about the impact that cybersecurity has on a company’s financials.
In case you missed it, you can watch the on-demand version of the webinar to hear directly from Jo Peterson and Kim Kunzler. Jo is the Vice President of Cloud and Security Services for Clarify360, and the Chief Analyst at ClearTech Research, and Kim is a Regional Director at Perimeter 81.
This post explores two of the main themes that emerged from the discussion: business enablement and cost savings.
Jo and Kim discussed several ways that an organization’s security program acts as a business enabler, a few of which are highlighted here.
One notable topic was the use of remote workers – both employees and contractors – and the security considerations that come into play. By implementing controls that ensure secure remote access to corporate resources, organizations can leverage a workforce with a wide range of skills. This can provide valuable capabilities not otherwise available with a traditional, in-office team.
When recruiting direct employees, businesses in several industry sectors have been dealing with persistent talent shortages and competing for the same workers. Even in a post-pandemic world where some staff have returned to the office, the ongoing tight labor market has forced organizations to offer remote work for hard to fill or specialized roles.
At the same time, employee mindsets have shifted and many individuals prefer to work remotely at least part of the week. For the foreseeable future, remote work will continue to be a part of many organizations’ processes.
Consultants and freelancers are another group that offer value to organizations while connecting from outside the corporate network. This is a phenomenon that continues to grow, and it’s estimated that freelancers will make up a majority of US workers as of 2027.
Kim noted that organizations that don’t adjust to new work models, whether that’s remote, hybrid, or freelance, “might be leaving money on the table.” That’s because they could be tapping into valuable pools of talent, as well as potentially finding lower-cost personnel in new geographies.
Jo stressed the importance of asking in-depth questions about the broader attack surface that’s created by those new connections to corporate networks. She observed that business leaders may focus only on the advantages associated with offloading some of the workload to contractors, while overlooking the security implications.
Given the staffing challenges that continue to plague several industries, enabling secure access to remote workers and freelancers can be a game-changer. So it’s essential that businesses establish a security strategy that covers all work models.
Achieving compliance with industry mandates and adhering to prominent security standards can make a significant difference when seeking new business opportunities. As Jo discussed, this is a no-brainer for organizations where demonstrating compliance is “table stakes” based on their industry. As an example, she mentioned that companies that aim to do business with the US Department of Defense must be CMMC compliant. In this case, it truly is a deal breaker and affects more than 350,000 contractors.
However, Jo has observed that businesses outside of heavily regulated industries can use security standards to their advantage by pointing to their compliant status to validate their trustworthiness.
Kim continued with this thought, noting that she has told many clients that if they have network security that’s compliant with SOC 2 or ISO 27001, they can “really use that to their advantage and leverage that to win net new business, [especially] with larger organizations.”
Throughout the webinar, our presenters talked about some of the ways that a security program can deliver actual cost savings – more than enough to justify the cost of the people and tools – as well as the potential to avoid costs by having an effective program in place.
Both Jo and Kim have firsthand experience working with companies that achieved meaningful results by augmenting their security programs. For example, Jo shared the story of a client that was overwhelmed with alerts coming from various security tools. In this case, one analyst was dealing with more than 1100 alerts per month, many of which turned out to be false positives.
By implementing automation to monitor and handle initial triage on the alerts, the organization calculated a total of $186,000 in cost savings. And, as Jo noted, a knock-on effect is that a security operator who is newly freed up from manual tasks can be redirected to something more productive and valuable.
Kim shared an example of a global logistics company she worked with that operates more than 20 sites across multiple continents. The company was growing through mergers and acquisitions and, as a result, was dealing with a wide range of security tools.
One aspect of their security portfolio, Secure Access Service Edge (SASE), was particularly strategic given the geographically-distributed nature of their operations. Kim worked with the IT and security team to simplify a very complex web of tools. By consolidating and standardizing the tools they were using for remote access and web filtering, the company is now saving hundreds of person-hours just on the network visibility aspect.
It’s also clear that an effective security strategy can help avoid substantial costs. While it may not be possible to prove that your security tools and processes have blocked a ransomware attack or other costly incident, there’s no doubt that the threat is real. The FBI recently reported that ransomware cost organizations more than $34 million in 2022, with 70% of attacks impacting small businesses.
As Jo explained, a successful attack is “not a point in time situation. It’s a journey – and not a happy one.” She articulated – and other experts agree – that the actual costs go far beyond the ransomware payment itself and include things like:
Jo summarized that, when considering the full impact of a security event, “it’s about painting a story about the long term effect of what could happen to your business.”
There are numerous success stories of companies reaping the financial benefits of strong security programs through improved efficiency, increased competitiveness, and cost avoidance. Cybersecurity is not merely an expense but a strategic investment that can both protect and enhance a company’s financial well-being.
These are just a few of the insights gleaned from our recent webinar. To hear more, check out the on-demand webinar here.